Skip to main content

À la carte phone hacking is scary, but it’s better than a government backdoor

 

Another day, another hack by the Israeli firm that’s become a go-to for exposing what’s happening in various high-profile targets’ phones. If you haven’t heard of Cellebrite yet, it’s because you’re not Jeff Bezos, Lev Parnas, or a criminal whose phone the FBI would very much like to access.

Recommended Videos

The company has hacked several phones on behalf of the U.S. government, and in the Bezos case, was actually used by experts at the United Nations to analyze how, exactly, the Amazon founder’s phone was hacked.

Cellebrite is not the only name in the game: There’s also the much shadier NSO Group, which experts suspect has been hired by authoritarian regimes to spy on journalists and dissidents. GrayKey, Paraben, Blackbag, and MSAB have also all sold their phone-hacking tech to at least two dozen law enforcement agencies around the U.S., according to a report by OneZero.

That report revealed in stark detail just how widespread the use of this type of phone hacking tech has become across the country: It is truly possible for most law enforcement agencies to access the phone of just about anyone, if they so wish.

Yet the U.S. government, from President Donald Trump to the FBI, continues to demand that Apple and other tech companies provide authorities with an encryption backdoor — an idea that privacy advocates all agree is an extremely bad one.

Image used with permission by copyright holder

“I would rather see this than mandatory backdoors,” said Ron Gula, in reference to having companies like Cellebrite in operation. Gula is a former National Security Agency white-hat hacker who now invests in up-and-coming cybersecurity companies in the D.C. area. “Of course, I would rather there be no vulnerabilities at all. But this is a world were law enforcement relies on vulnerabilities to do intelligence gathering, and I want them to focus on that, and not mandatory backdoors. Otherwise, we’re China.”

Rosa Smothers, a former CIA analyst who is now the senior vice president of cyber operations at KnowBe4, a provider of digital security awareness training, said she “1,000% agrees” with Gula’s assessment. “The government has to weigh the benefit of that kind of exploitation and whether it’s worth that kind of security damage,” she told Digital Trends.

“We should all be very concerned about people getting into digital devices,” said David Harding, senior vice president and chief technical officer at ImageWare, a biometric digital security company that works in both the private sector and with the government. “And we should all be very concerned about a government that has everybody’s information readily accessible.”

Why Cellebrite matters

Cellebrite is truly the 800-pound gorilla in the industry, according to Smothers, which is why its name keep popping up in so many cases. “They’re the most user-friendly,” she told Digital Trends, which is useful for police precincts that might not have the time or resources to train up their offices on very technical software. (Cellebrite told Digital Trends that it “cannot comment on specific cases.”)

cellebrite machine
An engineer shows devices developed by the Israeli firm Cellebrite that can hack a locked smartphone and pull the data from it. Jack Guez / AFP via Getty Images

Companies like Cellebrite rely on finding existing vulnerabilities in operating systems and software to provide access opportunities into phones (and they keep those a secret, so companies like Apple don’t get wise and patch them). As those vulnerabilities are updated, these companies must also update their methods. An encryption backdoor would eliminate the need for these kinds of constant updates, and would make it easier to actually read any images that police had taken off of a phone. “They are only as successful as the availability of these vulnerabilities,” Harding said.

The legality of all of this is still extremely fuzzy, said Harding. Every state has its own regulations, and they’re changing all the time: some states will allow police to take someone’s biometric data but not a password, for example. “It’s a bit patchwork in this country,” Harding said.

For now, an average person on the street should probably assume that their phone can and has been accessed by some random tech firm. “We’re all only a few degrees away from someone interesting,” Gula said. “Everyone’s got something to steal.”

These companies all advertise strictly to law enforcement — for now. Smothers said it should stay that way. “Yes, we want to be able to seize the phones of terrorists from Afghanistan or Syria, and see what they’re planning,” she said. “But the reality on the ground is, if the government starts introducing purposeful backdoors, every intelligence agency in the world will be full-court press to get into those phones. You’ll be ringing the dinner bell.”

“It’s really unfortunate that there might be terror cells in the U.S.,” said Gula. “But the threat of someone with a gun who might be part of a terrorist group doesn’t rise to the occasion of needing to put a backdoor on everyone’s phones.”

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Google just gave vision to AI, but it’s still not available for everyone
Gemini Live App on the Galaxy S25 Ultra broadcast to a TV showing the Gemini app with the camera feature open

Google has just officially announced the roll out of a powerful Gemini AI feature that means the intelligence can now see.

This started in March as Google began to show off Gemini Live, but it's now become more widely available.

Read more
This modular Pebble and Apple Watch underdog just smashed funding goals
UNA Watch

Both the Pebble Watch and Apple Watch are due some fierce competition as a new modular brand, UNA, is gaining some serous backing and excitement.

The UNA Watch is the creation of a Scottish company that wants to give everyone modular control of smartwatch upgrades and repairs.

Read more
Tesla, Warner Bros. dodge some claims in ‘Blade Runner 2049’ lawsuit, copyright battle continues
Tesla Cybercab at night

Tesla and Warner Bros. scored a partial legal victory as a federal judge dismissed several claims in a lawsuit filed by Alcon Entertainment, a production company behind the 2017 sci-fi movie Blade Runner 2049, Reuters reports.
The lawsuit accused the two companies of using imagery from the film to promote Tesla’s autonomous Cybercab vehicle at an event hosted by Tesla CEO Elon Musk at Warner Bros. Discovery (WBD) Studios in Hollywood in October of last year.
U.S. District Judge George Wu indicated he was inclined to dismiss Alcon’s allegations that Tesla and Warner Bros. violated trademark law, according to Reuters. Specifically, the judge said Musk only referenced the original Blade Runner movie at the event, and noted that Tesla and Alcon are not competitors.
"Tesla and Musk are looking to sell cars," Reuters quoted Wu as saying. "Plaintiff is plainly not in that line of business."
Wu also dismissed most of Alcon's claims against Warner Bros., the distributor of the Blade Runner franchise.
However, the judge allowed Alcon to continue its copyright infringement claims against Tesla for its alleged use of AI-generated images mimicking scenes from Blade Runner 2049 without permission.
Alcan says that just hours before the Cybercab event, it had turned down a request from Tesla and WBD to use “an icononic still image” from the movie.
In the lawsuit, Alcon explained its decision by saying that “any prudent brand considering any Tesla partnership has to take Musk’s massively amplified, highly politicized, capricious and arbitrary behavior, which sometimes veers into hate speech, into account.”
Alcon further said it did not want Blade Runner 2049 “to be affiliated with Musk, Tesla, or any Musk company, for all of these reasons.”
But according to Alcon, Tesla went ahead with feeding images from Blade Runner 2049 into an AI image generator to yield a still image that appeared on screen for 10 seconds during the Cybercab event. With the image featured in the background, Musk directly referenced Blade Runner.
Alcon also said that Musk’s reference to Blade Runner 2049 was not a coincidence as the movie features a “strikingly designed, artificially intelligent, fully autonomous car.”

Read more